Canary Numbers:
Design for Light-weight Online Testability of True Random Number Generators
Vladimir Rožić, Bohan Yang, Nele Mentens and Ingrid Verbauwhede
Acknowledgment
This work is supported in part by the European Commission through the Horizon 2020 research and innovation program under grant agreement No 644052 HECTOR
Generic TRNG Architecture
[Block diagram. Labels: Noise Source, Digitization, Post-processing, Health Tests, Conditioning, OUTPUT, ALARM, Entropy Source, Raw numbers]
-False alarm rate vs. usefulness
-Better performance for longer sequences
-High latency
The role of the canary
-Early-warning threat detection
-Canaries in security:
– Software: Canary values, a countermeasure against the buffer overflow attack.
– Hardware: Canary logic, redundant logic paths with high propagation delay
Canaries in TRNGs
[Block diagram. Labels: Conditioning, OUTPUT, ALARM, Entropy Source, Raw numbers, Health Tests, Canary numbers]
-GOALS:
– Higher sensitivity to attacks
– Early attack detection
– Statistical testing on the canary numbers
– Low false positive error rate
– High usefulness
– Low latency
– Low area
TRNG parameters
[Block diagram. Labels: Conditioning, OUTPUT, ALARM, Entropy Source, Raw numbers, Health Tests, Noise Source, Digitization, Post-processing; parameters e1, e2, ...; n1, n2, ...; d1, d2, ...; p1, p2, ...]
-Design parameters
– Noise Source (n1, n2, ...)
– Digitization (d1, d2, …)
– Post-processing (p1, p2, ...)
-Environment parameters (e1, e2, …)
– Critical parameter ec
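Entropy and Testability
$$\left.\frac{\partial H_{raw}}{\partial e_c}\right|_{e_c = e_{c,OP}} \approx 0$$
$$\text{testability} = \left.\frac{\partial f}{\partial e_c}\right|_{e_c = e_{c,OP}}$$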
Replica-based architecture
[Block diagram. Labels: Noise Source, Digitization, Post-processing, Canary Source, Digitization, Post-processing, Entropy Source, Raw numbers, Canary numbers, Health Tests, Conditioning, OUTPUT, ALARM]
-Weaker replica of the noise source
-Design space (n1, n2, ...)
-Detects global changes in environment
-Not a stand-alone countermeasure
Canary-extraction based architecture
[Block diagram. Labels: Noise Source, Digitization, Post-processing, Canary Digitization, Canary Post-processing, Entropy Source, Raw numbers, Canary numbers, Health Tests, Conditioning, OUTPUT, ALARM]
-Weaker processing of the noise
-Design space (d1, d2, … p1, p2, ...)
-Testing the noise source
Case Study 1: Elementary TRNG
Stochastic model [2] M. Baudet et al., On the Security of Oscillator-based Random Number Generators. Journal of Cryptology 24(2), 2011.
Critical parameter: jitter accumulation rate
Replica-based architecture
-RO length
[Figure with the label "Operating point"]
EXPERIMENT:
-Collect 10000 sequences of 1024b
-Compute auto-correlation coefficients
-Attack: FPGA cooled down using freezing spray
-Compare distributions
[Figure: two panels, RAW NUMBERS and CANARY NUMBERS]
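Added example (not from the slides): a Python simulation of the Case Study 1 experiment, comparing how often a lag-1 auto-correlation test flags attacked sequences for raw numbers and for canary numbers from a weaker replica. It assumes a simplified phase random-walk oscillator model and constructed values for the jitter per bit (RAW_SIGMA, CANARY_SIGMA), the frequency offset (MU) and the attack strength (ATTACK_SCALE); the sequence count is cut from 10000 to 200 to keep the run short.

```python
import random

# Constructed parameters (assumptions, not values from the slides).
RAW_SIGMA = 0.5      # jitter accumulated per sampled bit, in oscillator periods
CANARY_SIGMA = 0.3   # weaker replica: less jitter accumulated per bit
ATTACK_SCALE = 0.8   # attack modelled as a 20 % drop in accumulated jitter
MU = 0.1             # fractional phase advance per sample

def trng_bits(sigma, rng, n=1024):
    """Sample an oscillator whose phase gains MU + N(0, sigma) per bit."""
    phase = rng.random()
    bits = []
    for _ in range(n):
        phase += MU + rng.gauss(0.0, sigma)
        bits.append(1 if phase % 1.0 < 0.5 else 0)
    return bits

def autocorr1(bits):
    """Lag-1 auto-correlation coefficient of one bit sequence."""
    m = sum(bits) / len(bits)
    var = sum((b - m) ** 2 for b in bits)
    cov = sum((a - m) * (b - m) for a, b in zip(bits, bits[1:]))
    return cov / var if var else 1.0  # constant sequence: fully correlated

def distribution(sigma, sequences, rng):
    """Sorted test statistics for a batch of 1024-bit sequences."""
    return sorted(autocorr1(trng_bits(sigma, rng)) for _ in range(sequences))

def detection_rate(sigma_op, sequences=200, seed=1):
    """Share of attacked sequences above the 95th percentile of normal ones."""
    rng = random.Random(seed)
    normal = distribution(sigma_op, sequences, rng)
    threshold = normal[int(0.95 * sequences)]  # about 5 % false-alarm rate
    attacked = distribution(sigma_op * ATTACK_SCALE, sequences, rng)
    return sum(r > threshold for r in attacked) / sequences

def compare():
    """Detection rates for (raw numbers, canary numbers)."""
    return detection_rate(RAW_SIGMA), detection_rate(CANARY_SIGMA)

if __name__ == "__main__":
    raw, canary = compare()
    print(f"raw numbers:    {raw:.2f} of attacked sequences flagged")
    print(f"canary numbers: {canary:.2f} of attacked sequences flagged")
```

In this model the raw statistic barely moves under the attack because the raw source sits where the entropy is flat with respect to the jitter, while the canary source sits on the steep part of the curve and shifts clearly.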
Case Study 2: Delay-chain TRNG
-Noise Source: Ring-oscillator
-Digitization: Tapped delay lines
-Post-processing: Priority encoder
-Canary extraction: Time-to-Digital Conversion with lower precision
[Figure: two panels, RAW NUMBERS and CANARY NUMBERS]
Conclusions
-A promising testing strategy for some TRNGs
-Improved distinguishability for Elementary TRNG and Delay-chain TRNG
-1024 bits per sequence is probably not enough
Future work
Challenges:
-From operating point to operating range
-Exploring other TRNG designs
Questions?